Malicious actors may be able to abuse voice-based virtual assistants to break into enterprise systems, and two researchers have demonstrated it with an attack that targets Microsoft Cortana.
Independent researchers Amichai Shulman, former CTO and co-founder of Imperva, and Tal Be’ery, former VP of research at Microsoft-acquired security firm Aorato, have found a way to conduct an evil maid attack that abuses the Cortana voice assistant to install malware onto a locked computer. The researchers are detailing their findings on Friday at Kaspersky Lab’s Security Analyst Summit (SAS) in Cancun, Mexico.
In Windows 10, if default settings are not changed, any user can interact with Cortana by saying “Hey Cortana,” and it works even if the device is locked.
Shulman and Be’ery explained that when the device is locked, the screen is locked and the keyboard cannot be used to control applications, but apps can still run in the background.
In an attack scenario they described, an evil maid (i.e. a hacker who has physical access to the targeted machine) can install malware on a locked device by telling Cortana to access a website, intercepting traffic to that site using a device attached to the PC, and injecting malicious code into the connection.
One of the voice commands Cortana accepts from the lock screen is “go to [website domain].” For most sites, Windows launches a browser process and sends the domain name to Bing as a search query. For “privileged” websites, such as cnn.com, Windows launches a browser process and navigates to the site directly. After being notified by the researchers of the potential for abuse, Microsoft decided to make changes and no longer allows direct browsing from a locked machine.
The first step in the attack scenario described by Shulman and Be’ery involves plugging a rogue USB network card or a network cable into the targeted machine. The attacker then instructs Cortana to access a privileged website that does not use a secure HTTPS connection (e.g. cnn.com).
Since the connection is not protected, the hacker’s network card can be used to conduct a man-in-the-middle (MitM) attack and replace normal traffic with malicious code, such as a web browser exploit designed to deliver a piece of malware. The malware then provides a remote backdoor to the compromised system.
If the attacker already had access to a system, they could have conducted a remote attack where a piece of malware played an audio file that instructed Cortana to navigate to an arbitrary website. This could have been used to hack other devices on the targeted enterprise network.
“The attacker uses the infected computer speakers to send the Cortana commands as before (plays ‘Go to CNN.com’). The attacker gets network access to the next victim computer (the equivalent of the network cable USB network card) through a known network attack (e.g. ARP poisoning) and replaces the content of cnn.com with malicious content,” Be’ery told SecurityWeek.
Microsoft made some server-side changes in August 2017 in order to prevent abuse, but Shulman and Be’ery believe there could be other Cortana commands that can be leveraged for similar attacks, and noted that the research can be extended to other voice assistants, such as Apple’s Siri.
As part of their research, the experts also developed a tool, named Newspeak, that acts as a proxy for communications between Cortana and Microsoft servers.
“The Newspeak tool enables its user to monitor Cortana requests (user says ‘go to cnn.com’ and Cortana cloud sends that interpreted text back) and results (Cortana cloud commands the Cortana client to perform the action of ‘browse to cnn.com’) and therefore create an audit log of Cortana. It can be used to detect malicious and abnormal usage and block/alert,” Be’ery explained.
“Another use of the Newspeak tool can be to alter the commands for fun/malicious purposes (user requests cnn, let’s give him fox news), or for defensive use cases (instead of going to the HTTP version of CNN go to the HTTPS version),” he added.
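The two defensive uses Be’ery describes (an audit log of Cortana requests and results with alerting on abnormal usage, and rewriting a plain-HTTP “browse” action to its HTTPS version) can be sketched in a few dozen lines. The following Python is an added example written for this page; it is not the researchers’ Newspeak tool and does not speak the real Cortana client–cloud protocol. It assumes a constructed record format (one JSON object per line, with a `locked` flag, a `kind` of `request` or `result`, and for browse results a `url`) and sample records that are made up for illustration. It flags any browse action to an `http://` URL issued while the machine is locked, the condition the MitM step of the attack depends on, rewrites it to HTTPS, and raises a second alert when lock-screen navigations arrive in a burst, which is what repeated audio-played commands would look like.

```python
# Added example (not part of the SecurityWeek article or the researchers' Newspeak tool):
# a minimal Newspeak-style audit filter sitting between a Cortana client and the cloud.
import json
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Constructed sample records in an assumed format: one JSON object per line.
# "request" = text the Cortana cloud interpreted; "result" = the action it returned.
SAMPLE_LOG = """\
{"ts": "2018-03-09T10:00:00", "locked": true, "kind": "request", "text": "go to cnn.com"}
{"ts": "2018-03-09T10:00:01", "locked": true, "kind": "result", "action": "browse", "url": "http://cnn.com/"}
{"ts": "2018-03-09T10:00:05", "locked": false, "kind": "result", "action": "browse", "url": "https://www.microsoft.com/"}
{"ts": "2018-03-09T10:00:07", "locked": true, "kind": "result", "action": "browse", "url": "http://example.com/"}
{"ts": "2018-03-09T10:00:08", "locked": true, "kind": "result", "action": "browse", "url": "http://example.net/"}
{"ts": "2018-03-09T10:00:09", "locked": true, "kind": "result", "action": "browse", "url": "http://example.org/"}
"""


def harden_url(url: str) -> str:
    """Defensive rewrite described by the researchers: plain HTTP -> HTTPS.
    Anything that is not http:// is returned unchanged."""
    parts = urlsplit(url)
    if parts.scheme.lower() != "http":
        return url
    return parts._replace(scheme="https").geturl()


def audit(records_text: str, burst_limit: int = 3, window_s: int = 10) -> dict:
    """Process client/cloud records in order. Returns the audit log, the alerts
    raised, and the (possibly rewritten) records that would be forwarded on."""
    audit_log, alerts, forwarded = [], [], []
    recent_locked_browses = []  # timestamps of browse actions issued while locked

    for line in records_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        ts = datetime.fromisoformat(rec["ts"])

        # 1. Every request and result is written to the audit trail.
        detail = rec.get("text") or f"{rec.get('action')} {rec.get('url')}"
        audit_log.append(f"{rec['ts']} locked={rec['locked']} {rec['kind']}: {detail}")

        # Only "browse" results need a policy decision; pass everything else through.
        if rec["kind"] != "result" or rec.get("action") != "browse":
            forwarded.append(rec)
            continue

        url = rec["url"]
        if rec["locked"]:
            # 2. A plaintext site reached from the lock screen is exactly what the
            #    rogue-network-card MitM needs; alert and force HTTPS instead.
            if urlsplit(url).scheme.lower() == "http":
                alerts.append(f"{rec['ts']} plaintext browse from lock screen: {url}")
                url = harden_url(url)

            # 3. Abnormal usage: more than burst_limit lock-screen navigations
            #    inside a sliding window (e.g. commands played from a speaker).
            recent_locked_browses = [t for t in recent_locked_browses
                                     if ts - t <= timedelta(seconds=window_s)]
            recent_locked_browses.append(ts)
            if len(recent_locked_browses) > burst_limit:
                alerts.append(f"{rec['ts']} {len(recent_locked_browses)} "
                              f"lock-screen navigations within {window_s}s")

        forwarded.append({**rec, "url": url})

    return {"audit": audit_log, "alerts": alerts, "forwarded": forwarded}


if __name__ == "__main__":
    outcome = audit(SAMPLE_LOG)
    print("\n".join(outcome["audit"]))
    print("ALERTS:")
    print("\n".join(outcome["alerts"]))
```

On the constructed sample the filter records all six events, raises four plaintext alerts and one burst alert, and forwards the cnn.com action as `https://cnn.com/`; the HTTPS browse made while unlocked is passed through untouched. In a real deployment the records would come from the proxy’s decoded client and cloud messages rather than a string, and the alerts would feed whatever log pipeline the enterprise already monitors.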
The researchers told SecurityWeek that they will make the Newspeak tool available at some point.